Description
------------
PHP version 5.3.1 was just released. This release contains a patch for a
denial of service condition we reported on 27 October 2009. The
problem is related to PHP's handling of RFC 1867 (Form-based File
Upload in HTML).
When you send a POST request to a PHP script with the content-type of
"multipart/form-data" and include a list of files in that request, PHP
will create a temporary file for each file from the request. PHP will
2007 were affected.
WHID 2007-60: The blog of a Cambridge University security team hacked
=====================================================================
Reported: 19 December 2007, Occurred: 27 October 2007
Classifications:
* Attack Method: Known Vulnerability
* Attack Method: Insufficient Authentication
> 2007 were affected.
>
>
> WHID 2007-60: The blog of a Cambridge University security team hacked
> =====================================================================
> Reported: 19 December 2007, Occurred: 27 October 2007
>
> Classifications:
>
> * Attack Method: Known Vulnerability
> * Attack Method: Insufficient Authentication
action: install revision C.9.3.2.10.0 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 27 October 2011 Initial release
Version:2 (rev.2) 14 December 2011 Added BIND 9.2 solution
Version:3 (rev.3) 14 December 2011 Corrected typo in BIND 9.2 table
Version:4 (rev.4) 19 January 2012 Corrected B.11.23 patch ID typo in AFFECTED VERSIONS
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
END AFFECTED VERSIONS
HISTORY
Version: 1 (rev.1) - 26 October 2011 Initial release
Version: 2 (rev.2) - 27 October 2011 Corrected SWA directive
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
action: install revision C.9.3.2.10.0 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 27 October 2011 Initial release
Version:2 (rev.2) 14 December 2011 Added BIND 9.2 solution
Version:3 (rev.3) 14 December 2011 Corrected typo in BIND 9.2 table
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
This issue has been assigned CVE number CVE-2009-3370.
Disclosure Timeline
-------------------
8th August 2009 - Initial Discovery and Vendor Notification
8th August 2009 - Vendor Response
27 October 2009 - Vendor Advisory Release
4 November 2009 - Context Information Security Advisory Release
Credits
-------
Paul Stone of Context Information Security Ltd
action: install revision C.9.3.2.10.0 or subsequent
END AFFECTED VERSIONS
HISTORY
Version:1 (rev.1) 27 October 2011 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.